Re: How do I avoid Assert()?
From: Eugene V. Bobukh [MS] (eugenebo_at_online.microsoft.com)
Date: 06/26/03
- Next message: Niels Ladegaard Beck: "Re: How do I avoid Assert()?"
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: IPrincipal hack?"
- In reply to: Niels Ladegaard Beck: "How do I avoid Assert()?"
- Next in thread: Niels Ladegaard Beck: "Re: How do I avoid Assert()?"
- Reply: Niels Ladegaard Beck: "Re: How do I avoid Assert()?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 Jun 2003 13:32:00 -0700
Niels,
The key thing about it is that any assembly can assert any permission it has
been granted [upon load time]. Denying anything higher on the stack does not
change the assembly grant set, it just stops the stackwalk, as well as
Assert.
Thus, there might be several ways to solve this problem:
1. "Regular" way: create an AppDomain, restrict Security on it so there is
no file access there, load assembly into it and run it. Since assembly does
not get file access in the grant set, it woun't be able to assert it.
2. Use assembly requestes to reduce grant sets. The following attribute
placed in B should do the trick:
[assembly:FileIOPermissionAttribute(SecurityAction.RequestRefuse, Read =
"C:\\"]
3. There is a SecurityPermission flag that controls ability to assert.
Removing it from the gant will disbale assertion, too:
[assembly:SecurityPermissionAttribute(SecurityAction.RequestRefuse,
Assertion = true]
-- Eugene V. Bobukh This message is provided "AS IS" with no warranties, and confers no rights. Any opinions or policies stated within it are my own and do not necessarily constitute those of my employer. ---- "Niels Ladegaard Beck" <niels_beck@hotmail.com> wrote in message news:urUsSFBPDHA.1556@TK2MSFTNGP10.phx.gbl... > Hello > > If I from an assembly, let's call it A, uses a method in another assembly, > let's call it B, and doesn't wish the method in B to have read access to > drive C, I will in write something like this in A: > > CodeAccessPermission permission = new > FileIOPermission(FileIOPermissionAccess.Read, @"c:\"); > permission.Deny(); > > If the method in B tries something like: > > CodeAccessPermission permission = new > FileIOPermission(FileIOPermissionAccess.Read, @"c:\fil.txt"); > permission.Demand(); > > It will find out, that it isn't allowed reading from drive C. > > BUT! If the method in B tries something like > > CodeAccessPermission permission = new > FileIOPermission(FileIOPermissionAccess.Read, @"c:\fil.txt"); > permission.Assert(); > > It will be granted access reading drive C :-( > > So my question is now: How do I effectively stop the method in B reading > from drive C? > > I've tried some different attributes both on assembly-level and > method-level, both in A and B, but nothing seems to help me :-( > > Thanks, > Niels Ladegaard Beck > > Sorry my poor english... > >
- Next message: Niels Ladegaard Beck: "Re: How do I avoid Assert()?"
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: IPrincipal hack?"
- In reply to: Niels Ladegaard Beck: "How do I avoid Assert()?"
- Next in thread: Niels Ladegaard Beck: "Re: How do I avoid Assert()?"
- Reply: Niels Ladegaard Beck: "Re: How do I avoid Assert()?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
